Had to rewrite the thing, because gcc's warnings don't work
with templatized var-args. Since there is no string-format.cpp
and I didn't want to inline it, moved it to format.cpp.
String formatting is distributed around at least four
headers: membuffer.h, subsurface-string.h, format.h
and format-string.h. This really should be unified!
Signed-off-by: Berthold Stoeger <bstoeger@mail.tuwien.ac.at>
Remove the options to expand entities and so continue when encountering invalid /
malformed XML, as both of these can be exploited by supplying
maliciously crafted XML.
Signed-off-by: Michael Keller <mikeller@042.ch>
Create a format_string_std function that works like format_string,
but does return a std::string instead of a strdup()ed C string.
Make it a global function to be used in other parts of the code.
Signed-off-by: Berthold Stoeger <bstoeger@mail.tuwien.ac.at>
This was very annoying, because the old code was not const-clean
at all and trampled all over buffers. This makes the new code
pretty messy for now.
Signed-off-by: Berthold Stoeger <bstoeger@mail.tuwien.ac.at>
